Nope. You got me: http://dvd.unlocalhost.com/?list_m=%25&go_movie=By+Movie

That should only show movies that start with some string ... but i did not check for the fact that the user could provide their own GET query and specify only '%' ... of course, for this application ... it is OK, but that still does not excuse the potential security hole i dug.

For the record, i am rewriting that interface with Template and Class::DBI. It's slow going, because i have tables in the 3rd Normal Form, and Class::DBI currently does not handle selections across tables as well as i would like. But as soon as i am finished, i will share it with the Monastery (i have not written a large tutorial in a while ...).

UPDATE: (for anyone interested in such)
My DVD CGI search form uses POST requests. This (in the past) meant that web bot scripters needed to look at the source and munge out all the parameters in order to re-create the proper form query. I used the Web Developer Plugin for the Firebird browser to literally convert POST requests to GET requests on a loaded HTML page. Then, when you submit, the form parameters are sent as a GET request, allowing you to cut-n-paste the URL such as i did above. Of course, this only works if the CGI script you are querying accepts both GET and POST requests. Not all do. (*cough* *cough*)

jeffa

L-LL-L--L-LL-L--L-LL-L--
-R--R-RR-R--R-RR-R--R-RR
B--B--B--B--B--B--B--B--
H---H---H---H---H---H---
(the triplet paradiddle with high-hat)

In reply to 3Re: Parsing a boolean search string for SQL query by jeffa
in thread Parsing a boolean search string for SQL query by bradcathey
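
The check the post says was missing, as an added example (not jeffa's code): the list_m prefix is length-checked, its LIKE metacharacters are escaped, and it is bound through a placeholder so a bare '%' no longer matches every row. The movie table, title column, 40-character limit and '!' escape character are assumptions; only the list_m parameter name comes from the URL above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed schema (not from the post): table "movie" with a "title" column.
# '!' is used as the LIKE escape character so the statement reads the same
# on databases that treat backslash specially inside string literals.
my $SQL = q{SELECT title FROM movie WHERE title LIKE ? ESCAPE '!' ORDER BY title};

# Turn a user-supplied prefix into a LIKE pattern in which the only
# wildcard is the trailing % appended here. Returns undef if rejected.
sub prefix_pattern {
    my ($raw) = @_;
    return unless defined $raw;
    return unless length($raw) >= 1 && length($raw) <= 40;   # assumed limit
    (my $literal = $raw) =~ s/([!%_])/!$1/g;   # escape ! % _ so they match literally
    return $literal . '%';
}

# Decide how to answer one request. Refusing GET only tightens the
# interface; the escaping above is what stops '%' from listing everything.
sub plan_query {
    my ($method, $list_m) = @_;
    return { status => 405 } unless uc($method // '') eq 'POST';
    my $pattern = prefix_pattern($list_m);
    return { status => 400 } unless defined $pattern;
    return { status => 200, sql => $SQL, bind => [$pattern] };
}

# Constructed sample requests: [method, list_m value after URL decoding].
# The first one is the request from the URL in the post (%25 decodes to %).
for my $req (['GET', '%'], ['POST', '%'], ['POST', 'Star_'], ['POST', '']) {
    my $plan = plan_query(@$req);
    printf "%-4s list_m=%-8s -> %d %s\n", $req->[0], "'$req->[1]'",
        $plan->{status},
        $plan->{bind} ? "bind: $plan->{bind}[0]" : '(no query run)';
}

# With DBI the plan would be executed as:
#   my $titles = $dbh->selectcol_arrayref($plan->{sql}, undef, @{ $plan->{bind} });
```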
